Re: [Full-disclosure] RC Trojan 1.1d (Undetected)

Too bad they killed it already. 2014-02-19 21:17 GMT+01:00 ICSS Security ctrlaltdel...@outlook.pt: Hi, Just releasing my new achievement. What is? RC Trojan AKA Remote Control trojan which allow the control of a computer remotely in the same network (Lan/Wan). It's build in

Re: [Full-disclosure] A question for the list - WordPress plugin inspections

It is valuable I concur (# line of code, file names and CVE submission). I would also suggest to use common classifications (or a mapping) such as OWASP TOP10, WASC, CWE (CAPEC) for your criterias. Providing details regarding the methodology or/and tools used for the assessment would be also

Re: [Full-disclosure] A question for the list - WordPress plugin inspections

Hi Jerome, The criteria are here: https://security.dxw.com/about/plugin-inspections/ Is that what you mean? I agree using a common classification would be good. I'll have a look into that. As mentioned before, though - these are not vulnerability reports. We do those too:

[Full-disclosure] [CVE-2014-2027] PHP objection insertion / arbitrary file deletion / possible RCE in egroupware = 1.8.005

Hi Egroupware = 1.8.005 contains a PHP object insertion vulnerability via unsafe use of the unserialize() function. There are lots of classes with magic methods which appear to be exploitable, some of them possibly for remote code execution. The advisory linked below contains an example of an

Re: [Full-disclosure] A question for the list - WordPress plugin inspections

Yes btw you can simply submit by email to osvdb, packetstorm, etc. but I'm pretty sure they will catch it now ;) 2014-02-20 Harry Metcalfe ha...@dxw.com: Hi Jerome, The criteria are here: https://security.dxw.com/about/plugin-inspections/ Is that what you mean? I agree using a common

[Full-disclosure] Barracuda Bug Bounty #30 Firewall - Multiple Persistent Web Vulnerabilities

Document Title: === Barracuda Bug Bounty #30 Firewall - Multiple Persistent Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1065 Barracuda Networks Security ID (BNSEC): BNSEC-2067 Video:

[Full-disclosure] [ MDVSA-2014:045 ] libtar

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:045 http://www.mandriva.com/en/support/security/

Re: [Full-disclosure] RC Trojan 1.1d (Undetected)

It's detected now. ClamAV - PUA.Win32.Packer.Upx-53K7AntiVirus - Trojan ( 000200f91 )K7GW - Trojan ( 000200f91 )Qihoo-360 - HEUR/Malware.QVM06.GenSymantec - WS.Reputation.1TrendMicro-HouseCall - TROJ_GEN.F47V0219 Too bad they killed it already. 2014-02-19 21:17 GMT+01:00 ICSS Security

[Full-disclosure] [SECURITY] [DSA 2864-1] postgresql-8.4 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2864-1 secur...@debian.org http://www.debian.org/security/Christoph Berg February 20, 2014

[Full-disclosure] [SECURITY] [DSA 2865-1] postgresql-9.1 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2865-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff February 20, 2014

[Full-disclosure] [OT] pls ignore

MD5: 0a763d4c7029b13a1eacb09d71a5b66a MD5: 76964959005d734d32f06d0a6fbabaa3 SHA1: 10e3275a6980eec283cc169e3422b94eed32e119 SHA1: 74464e2b58990fdf4379f8f543ef43eef540d985___ Full-Disclosure - We believe in it. Charter: